At the Black Hat conference held at the weekend in Las Vegas, Apple made a long-awaited announcement for security researchers.
The Cupertino-based firm announced that it was expanding its bug bounty programme to include macOS, tvOS, watchOS and iCloud.
As The Verge reports, Apple started its bug bounty programme three years ago but it only paid bounties for bugs discovered in iOS. Now researchers will be rewarded for discovering bugs on all of Apple’s software and hardware.
The maximum reward has also been raised from $200 000 to $1 million, although that top tier applies solely to a persistent full-chain kernel code execution attack that requires no user interaction.
Apple will also pay bounties for the following bug discoveries:
- Lock screen bypass: $100 000
- User data extraction: $250 000
- Unauthorised access to high-value user data: $100 000
- Kernel code execution: $150 000
- CPU side-channel attack on high-value data: $250 000
- One-click unauthorised access to high-value user data: $150 000
- One-click kernel code execution: $250 000
- Zero-click radio-to-kernel attack with physical proximity: $250 000
- Zero-click access to high-value user data: $500 000
- Persistent full-chain kernel code execution attack without user interaction: $1 000 000
Researchers and developers who discover bugs and wish to submit a report can head to Apple’s developer page to find the process for submitting reports.
Whether this updated programme will inspire folks to come to Apple rather than publish bugs on hacking forums or the dark web remains to be seen.
At least now there’s an incentive for folks to go to Apple first.